As I discussed in the first blog in this series, the purpose of this series is to guide you on your journey up the Vulnerability Management Mountain (VMM). Like climbing a mountain, there is a lot of planning and work required, but when you get to the top, the view is amazing and well worth the journey.
For the first phase, let’s start by planning the trip up Vulnerability Mountain.
When you get ready to climb a mountain, you need gear, and you need to know what to ask for at the store. If you are not educated, you can easily wind up with a bunch of gear, products and plans that do not work together and thus expand your risk.
We will start by defining some of the terms we will be using so we can speak the same language.
Vulnerability – A vulnerability (from RFC 4949) is "a flaw or weakness in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy."
Asset – The idea of an asset has changed over the years. It has evolved from physical hardware like servers, desktops and network gear to any device (virtual or physical), object or other component in a network or environment. This now includes laptops, containers, serverless code and even IoT devices.
Vulnerability Assessment – The process of identifying a vulnerability in a network or environment. This assessment is a look at the state of your assets at a single point in time. This assessment can be done by an assessment tool or by a manual pentest.
Remediation – The process of fixing, stopping or working around a vulnerability. Remediation can be done by applying a patch, changing a configuration or even blocking exploit attempts with (Read more...)
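To make the four terms concrete, here is a small added example (not code from the original post or from Tripwire) that models assets, vulnerability findings and assessments, and derives remediation status by comparing two point-in-time assessments. Because an assessment only describes a single moment, the useful information comes from diffing snapshots: which findings disappeared (remediated), which appeared (new) and which persist. All asset names, vulnerability identifiers and dates are constructed placeholders.

```python
"""Added example (not from the original post): a minimal model of the terms
defined above. An assessment is a point-in-time snapshot of findings per
asset; comparing two snapshots shows what was remediated, what is new and
what persists. All names, ids and dates below are constructed sample data."""
from dataclasses import dataclass, field
from datetime import date


@dataclass(frozen=True)
class Asset:
    name: str   # hostname, container id, function name, device label, ...
    kind: str   # "server", "laptop", "container", "serverless", "iot"


@dataclass(frozen=True)
class Finding:
    asset: Asset
    vuln_id: str    # identifier of the flaw (placeholder ids below)
    severity: str   # "critical", "high", "medium" or "low"


@dataclass
class Assessment:
    taken_on: date                       # the single point in time assessed
    findings: frozenset = field(default_factory=frozenset)


def diff_assessments(earlier: Assessment, later: Assessment):
    """Return (remediated, new, persisting) sets of findings."""
    remediated = earlier.findings - later.findings
    new = later.findings - earlier.findings
    persisting = earlier.findings & later.findings
    return remediated, new, persisting


def remediation_rate(earlier: Assessment, later: Assessment) -> float:
    """Fraction of the earlier assessment's findings no longer present later."""
    if not earlier.findings:
        return 1.0
    remediated, _, _ = diff_assessments(earlier, later)
    return len(remediated) / len(earlier.findings)


def persisting_by_severity(earlier: Assessment, later: Assessment) -> dict:
    """Count findings still open after the later assessment, grouped by severity,
    which is the list a remediation plan should work through first."""
    _, _, persisting = diff_assessments(earlier, later)
    counts: dict = {}
    for f in persisting:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample inventory: three asset kinds from the definition above.
WEB = Asset("web-01", "server")
RESIZE_FN = Asset("img-resize", "serverless")
CAMERA = Asset("lobby-cam", "iot")

# Constructed snapshots; EXAMPLE-000x are placeholder vulnerability ids.
MARCH = Assessment(date(2019, 3, 1), frozenset({
    Finding(WEB, "EXAMPLE-0001", "high"),
    Finding(WEB, "EXAMPLE-0002", "medium"),
    Finding(CAMERA, "EXAMPLE-0003", "critical"),
}))
APRIL = Assessment(date(2019, 4, 1), frozenset({
    Finding(WEB, "EXAMPLE-0002", "medium"),        # still open
    Finding(CAMERA, "EXAMPLE-0003", "critical"),   # still open
    Finding(RESIZE_FN, "EXAMPLE-0004", "high"),    # newly discovered
}))

if __name__ == "__main__":
    remediated, new, persisting = diff_assessments(MARCH, APRIL)
    print("remediated:", sorted(f.vuln_id for f in remediated))
    print("new:", sorted(f.vuln_id for f in new))
    print("persisting:", sorted(f.vuln_id for f in persisting))
    print("remediation rate:", round(remediation_rate(MARCH, APRIL), 2))
    print("still open by severity:", persisting_by_severity(MARCH, APRIL))
```

Findings are keyed on asset plus vulnerability id, so the same flaw on two assets counts twice; that matches how remediation work is actually assigned, since each asset must be patched or reconfigured separately.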
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Lamar Bailey. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-management-mountain-step-one/